I am trying to submit data through form and came across the below error:
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given ..
Please find the code I have tried.
//connection end to my data server.
if(isset($_POST["submit"])) {
$user_name = $_POST['name'];
$user_email = $_POST['email'];
$user_skype = $_POST['skype'];
if($user_name==""){
echo "<script>alert('please enter your user name!')</script>";
exit();
}
if($user_email==""){
echo "<script>alert('please enter your email!')</script>";
exit();
}
if($user_skype==""){
echo "<script>alert('please enter your skype id.')</script>";
exit();
}
$check_email = "select * from binary where user_email = '$user_email' ";
$run = mysql_query($check_email);
if(mysql_num_rows($run)>0){
echo "<script>alert('Your email $user_email address already exist. please try another.')</script>";
exit();
}
$query= "insert into binary (user_name, user_email, user_skype) values('$user_name','$user_email','$user_skype')";
if(mysql_query($query)){
echo "<script>window.open('success.html','_self')</script>";
}
}
?>
binary is sql reserrve word
use backticks around it
$check_email = "select * from `binary` where user_email = '$user_email' ";
check this link for sql reserve word. http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
and learn mysqli_ function or P.D.O as mysql is deprcitaeted
Please update your query:
It should be
$check_email = "select * from `binary` where user_email = '".$user_email."' ";
it seems select query returns boolean false because
$check_email = "select * from binary where user_email = '$user_email' "
where user_email = '$user_email' can not parse value of '$user_email' because variable inside single quat does not parsed with their value
use:- where user_email = ".$user_email;
and everything should work
Related
Hey guys I'm working on a login/register for and I'm struggeling with the following things. When registering there's a message (registration complete) but there's also an error I can't get rid off.
Als when the username is already taken there should be a message that says that but there isn't. The error I get is the following.
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, bool
given in C:\xampp\htdocs\test\registration.php on line 16
The code I use in registration.php is
<?php
session_start();
$con = mysqli_connect('127.0.0.1','jstam','12345');
mysqli_select_db($con, 'userregistration');
$name = $_POST['user'];
$pass = $_POST['password'];
$s = "select * from usertable where name = 'name' && passoword = '$pass'";
$result = mysqli_query($con, $s);
$num = mysqli_num_rows($result);
if($num == 1){
echo"Gebruikersnaam in gebruik";
}else{
$reg= "insert into usertable (name , password) values ('$name' , '$pass')";
mysqli_query($con, $reg);
echo"Registratie succevol";
}
?>
I believe you may have a typo in your code
$s = "select * from usertable where name = 'name' && passoword = '$pass'";
I assume that passoword should be password. Also, name should be $name
$s = "select * from usertable where name = '$name' && password = '$pass'";
As others have suggested, your code is vulnerable to SQL injection and should NOT be used in production.
I'm having a hard time identifying the cause of the problem of my code, which is, it won't query on the "UPDATE" part but the "SELECT" part does work. when i tried using the print_r function, it gives an errors/warnings namely:
"Warning: mysqli_query(): Couldn't fetch mysqli"** and **"Warning:
mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, null
given"
if(!isset($_POST['n_pass'])&&!isset($_POST['n_pass'])){
if(!isset($_POST['password'])||$_POST['password']==""){
echo 'enter current password';
die;
} else {
include 'include/database.php';
$fname = mysqli_real_escape_string($conn, $_POST['fname']);
$lname = mysqli_real_escape_string($conn,$_POST['lname']);
$email = mysqli_real_escape_string($conn,$_POST['email']);
$username = mysqli_real_escape_string($conn,$_POST['uname']);
$password = mysqli_real_escape_string($conn,$_POST['password']);
//Check if the password is equal to the password inside database
$sql = "SELECT password FROM users where id = $id";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
$cpass = $row['password'];
$verify_pass = password_verify($password,$cpass); //check if current password is equal to the existing password
if($verify_pass != 1){
echo 'incorrect password';
die;
} else {
**//Update Data
$sql="UPDATE users SET firstname=$fname, lastname=$lname, email=$email, username=$username where id=$id";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
print_r($row['firstname']);
die;
header("Location: profile.php?successfullyupdated");
}
}
}
Your query is missing the quotes around the strings:
$sql="UPDATE users SET firstname='$fname', lastname='$lname', email='$email', username='$username' where id=$id";
You can skip only the id field since it is an Integer.
Sidenote: you are wide open to SQL Injections. You should use prepared statements.
There are plenty of resources on google to start with this topic
Finally, note that
$row = mysqli_fetch_assoc($result);
print_r($row['firstname']);
is completely useless since you are not returning anything from the UPDATE query.
You can do:
if(mysqli_query($conn, $sql)){
//query was successful - run your code here for success
}else{
//query failed - run your code here for fail
}
This question already exists:
How to construct an SQL query correctly in a PHP script? [duplicate]
Closed 5 years ago.
If I run this with the query
"SELECT * FROM users";
It returns my result. But as soon as I run this
$username = $_POST['username'];
$password = $_POST['password'];
$login = "SELECT * FROM users WHERE name= ".$username." AND password= ".$password."";
it doesn't.
If I run it in Mysql workbench without the variables it works. If I run echo the $_POST values they come through correctly.
I am stumped as to what I'm doing wrong PLEASE!! help me.
I also ran my code through https://phpcodechecker.com/ and it cant see any errors in my code.
This is the full function.
function login($username,$password){
global $db_conn;
$conn = new mysqli($db_conn['servername'], $db_conn['username'], $db_conn['password'], $db_conn['dbname']);
$username = $_POST['username'];
$password = $_POST['password'];
$login = "SELECT * FROM users WHERE name= ".$username." AND password= ".$password."";
$login_result = $conn->query($login);
if ($login_result->num_rows > 0) {
$output = array();
while($row = $login_result->fetch_assoc()) {
$output[] = $row;
echo "".$row['name']."-".$row['password']."<br>";
}
} else {
echo "Invaild Login Details!"."<br>" ;
$conn->close();
return false;
}
}
Every time it says "Invalid Login Details!" But I know their is one result that gets returned.
What am I doing wrong?
Inserting variables into your SQL directly is a major source of SQL Injection Attacks. Use PDO for security.
https://www.php.net/manual/en/book.pdo.php#114974
change the query like this
$login = "SELECT * FROM users WHERE name= '$username' AND password= '$password'";
note: this method is prone to sql injection attacks. try prepared statements to avoid it
try with ''(single quote) for comparing name and password
"SELECT * FROM users WHERE name= '".$username."' AND password= '".$password."'";
$login = "SELECT * FROM users WHERE name = '{$username}' AND password =
'{$password}' ";
You can simply specify the variables no need to go for string append to construct query in php
Eg :
Query = "SELECT * FROM `users` where username = '$username' AND password = '$password' " ;
try following code
$login = "SELECT * FROM users WHERE name= '".$username."' AND password= '".$password."'";
I am Android developer and trying to make one API for register user using PHP and Mysqli. I have made API like below
<?php
include("dbconnection.php");
$email= $_GET['email'];
$query = mysqli_query($conn, "SELECT * FROM tbl_user WHERE email='".$email."'");
if (!$query){
die('Error: ' . mysqli_error($con));
}
if(mysqli_num_rows($query) > 0){
$response='success';
}else{
$sql = "INSERT INTO tbl_user(email)VALUES ('".$email."')";
if (mysqli_query($conn, $sql)) {
$response='success';
}else {
$response='error';
}
}
echo json_encode($response);
?>
basically I am passing email as parameter like example.com/login?=abc#gmail.com
and I want check that email is already in database table or not. if email exist in database I want return user_id in response and if email is not in database than I want add that email in database and want return user_id. I have made API is working fine as I require but I do not know how to return user_id located with that email. Let me know if someone can give me idea to solve my puzzle. Thanks
The below code will create an array with message and user_id.
include("dbconnection.php");
$email= $_GET['email'];
$query = mysqli_query($conn, "SELECT * FROM tbl_user WHERE email='".$email."'");
if (!$query){
die('Error: ' . mysqli_error($con));
}
if(mysqli_num_rows($query) > 0){
// assign message to response array
$response['message']='success';
// Get the results data
while($row = mysqli_fetch_assoc($query)) {
// assign user_id to response array
$response['user_id'] = $row['user_id'];
}
}else{
$sql = "INSERT INTO tbl_user(email) VALUES ('".$email."')";
if (mysqli_query($conn, $sql)) {
$response['message']='success';
// assign last inserted id to response array
$response['user_id'] = mysqli_insert_id($conn);
}else {
$response['message']='error';
}
}
echo json_encode($response);
Prepared statements help you secure your SQL statements from SQL Injection attacks.
First of all, you should use PreparedStatement to avoid sql injection.
Then, second you can use PDO::lastInsertId()
So im trying to do what should seem and probably is a very simple mundane task. I am trying to check for an email address in my db. I dont know if im on the right track or not, can some one straiten me out please?
$query = "SELECT * FROM 68_users WHERE email= $email";
if($result = mysqli_query($link, $query) == $email) {
echo 'Email has been registered';
}else{
$query = "INSERT INTO 68_users (email,pass,old_pass,first_name,last_name,dob,gender,phone,fanmail)
VALUES ('$email',AES_ENCRYPT('$pass', 'something'),AES_ENCRYPT('$pass', 'something'),'$first_name','$last_name','$dob','$gender','$phone','$fanmail')"
or die(mysqli_error());
if ( !mysqli_query($link, $query) ) {
echo 'error: '.mysqli_error($link);
exit();
}
}
mysqli_close($link);
}
Thank you all for your help. I need to figure out a debugging situation for php. Right now i write in eclipse and debug on my site, very aggravating.. this is what i used:
$query = "SELECT * FROM 68_users WHERE email= '$email'";
$result = mysqli_query($link, $query);
if($result->num_rows > 0) {
echo 'This email has previously been registered';
}else{
$query = "INSERT INTO 68_users (email,pass,old_pass,first_name,last_name,dob,gender,phone,fanmail)
VALUES ('$email',AES_ENCRYPT('$pass', 'something'),AES_ENCRYPT('$pass', 'something'),'$first_name','$last_name','$dob','$gender','$phone','$fanmail')"
or die(mysqli_error());
if ( !mysqli_query($link, $query) ) {
echo 'error: '.mysqli_error($link);
exit();
}
header( 'Location: http://www.example.com/html/thankyou.html' ) ;
}
this query will fail as you need apostrophes around the email variable. also you can simply run the query and see how many rows are return:
$query = "SELECT * FROM 68_users WHERE email= '$email'";
$result = mysqli_query($link, $query);
if($result->num_rows > 0) {
echo 'Email has been registered';
}else{
// ....
}
You need quotes around the variable $email,
$query = "SELECT * FROM 68_users WHERE email= '$email'";
You will need to see the result of the rest of the code, to know if everything else works fine.
Without knowing the results of your current code, the one problem I can spot is that you want to make sure you enclose the email value in single-quotes for your query statement to ensure that it is evaluated properly:
$query = "SELECT * FROM 68_users WHERE email='$email'";
Omitting the quotes will result in an error when your query executes, which depending on your verbose handling, may or may not be visibly apparent. As a further point, this would be where basic debugging comes into play, which is a fundamental for all programmers.
Remove the equality check for your email, as your query statement is already doing that for you. If there aren't any rows returned, then it will return false and trigger the else statement:
$query = "SELECT * FROM 68_users WHERE email='$email'";
if($result = mysqli_query($link, $query)) {
// Registered
}else{
// Not Registered
}
$query = "SELECT * FROM 68_users WHERE email= '$email'";
will also return a array of values, your "if ($result ... == $email)" will fail.
*var_dump($result)* to see whats coming back from the query.